aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorTim Culverhouse <tim@timculverhouse.com>2022-04-29 11:19:52 -0500
committerRobin Jarry <robin@jarry.cc>2022-05-04 14:07:15 +0200
commitdbf52bb4b48748586bb6343ae4ad6d424f0631ac (patch)
treebd806636b0be51f07218f5a9db9be45af72db9ba /lib
parentb29293d7b53c73629911ec75b2ec5954d365feed (diff)
downloadaerc-dbf52bb4b48748586bb6343ae4ad6d424f0631ac.tar.gz
pgp: check for signing key before signing time
Check that the signing key exists when the user issues the :sign command. The signing key ID will be displayed in the security status also, allowing the user to see what key will be used to sign the message. Signed-off-by: Tim Culverhouse <tim@timculverhouse.com> Tested-by: Jens Grassel <jens@wegtam.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/crypto/crypto.go1
-rw-r--r--lib/crypto/gpg/gpg.go4
-rw-r--r--lib/crypto/gpg/gpgbin/gpgbin.go23
-rw-r--r--lib/crypto/gpg/gpgbin/keys.go13
-rw-r--r--lib/crypto/pgp/pgp.go18
5 files changed, 59 insertions, 0 deletions
diff --git a/lib/crypto/crypto.go b/lib/crypto/crypto.go
index 47eca99d..cab93462 100644
--- a/lib/crypto/crypto.go
+++ b/lib/crypto/crypto.go
@@ -19,6 +19,7 @@ type Provider interface {
ImportKeys(io.Reader) error
Init(*log.Logger) error
Close()
+ GetSignerKeyId(string) (string, error)
}
func New(s string) Provider {
diff --git a/lib/crypto/gpg/gpg.go b/lib/crypto/gpg/gpg.go
index 66cd3725..457788dc 100644
--- a/lib/crypto/gpg/gpg.go
+++ b/lib/crypto/gpg/gpg.go
@@ -51,6 +51,10 @@ func (m *Mail) Sign(buf *bytes.Buffer, signer string, decryptKeys openpgp.Prompt
func (m *Mail) Close() {}
+func (m *Mail) GetSignerKeyId(s string) (string, error) {
+ return gpgbin.GetPrivateKeyId(s)
+}
+
func handleSignatureError(e string) models.SignatureValidity {
if e == "gpg: missing public key" {
return models.UnknownEntity
diff --git a/lib/crypto/gpg/gpgbin/gpgbin.go b/lib/crypto/gpg/gpgbin/gpgbin.go
index da046f46..3ee81399 100644
--- a/lib/crypto/gpg/gpgbin/gpgbin.go
+++ b/lib/crypto/gpg/gpgbin/gpgbin.go
@@ -77,6 +77,29 @@ func getIdentity(key uint64) string {
return ""
}
+// getKeyId returns the 16 digit key id, if key exists
+func getKeyId(s string, private bool) string {
+ cmd := exec.Command("gpg", "--with-colons", "--batch")
+ listArg := "--list-keys"
+ if private {
+ listArg = "--list-secret-keys"
+ }
+ cmd.Args = append(cmd.Args, listArg, s)
+
+ var outbuf strings.Builder
+ cmd.Stdout = &outbuf
+ cmd.Run()
+ out := strings.Split(outbuf.String(), "\n")
+ for _, line := range out {
+ if strings.HasPrefix(line, "fpr") {
+ flds := strings.Split(line, ":")
+ id := flds[9]
+ return id[len(id)-16:]
+ }
+ }
+ return ""
+}
+
// longKeyToUint64 returns a uint64 version of the given key
func longKeyToUint64(key string) (uint64, error) {
fpr := string(key[len(key)-16:])
diff --git a/lib/crypto/gpg/gpgbin/keys.go b/lib/crypto/gpg/gpgbin/keys.go
new file mode 100644
index 00000000..660ce821
--- /dev/null
+++ b/lib/crypto/gpg/gpgbin/keys.go
@@ -0,0 +1,13 @@
+package gpgbin
+
+import "fmt"
+
+// GetPrivateKeyId runs gpg --list-secret-keys s
+func GetPrivateKeyId(s string) (string, error) {
+ private := true
+ id := getKeyId(s, private)
+ if id == "" {
+ return "", fmt.Errorf("no private key found")
+ }
+ return id, nil
+}
diff --git a/lib/crypto/pgp/pgp.go b/lib/crypto/pgp/pgp.go
index 92a15ee6..e0c5671b 100644
--- a/lib/crypto/pgp/pgp.go
+++ b/lib/crypto/pgp/pgp.go
@@ -245,6 +245,24 @@ func (m *Mail) getSigner(signer string, decryptKeys openpgp.PromptFunction) (sig
return signerEntity, nil
}
+func (m *Mail) GetSignerKeyId(s string) (string, error) {
+ var err error
+ var signerEntity *openpgp.Entity
+ switch strings.Contains(s, "@") {
+ case true:
+ signerEntity, err = m.getSignerEntityByEmail(s)
+ if err != nil {
+ return "", err
+ }
+ case false:
+ signerEntity, err = m.getSignerEntityByKeyId(s)
+ if err != nil {
+ return "", err
+ }
+ }
+ return signerEntity.PrimaryKey.KeyIdString(), nil
+}
+
func handleSignatureError(e string) models.SignatureValidity {
if e == "openpgp: signature made by unknown entity" {
return models.UnknownEntity